Yubico Forum :: View topic - setup yubiphpbase

Yubico Forum https://forum.yubico.com/

setup yubiphpbase https://forum.yubico.com/viewtopic.php?f=5&t=315	Page 1 of 1

Author:	aurelien [ Wed Apr 22, 2009 11:21 am ]
Post subject:	setup yubiphpbase
Hi I'm reading this tutorial : http://code.google.com/p/yubiphpbase/wiki/SetUp but I have some questions : In the part "Set up the database" there is : Quote: * Use your admin email in the following INSERT statement. The API secret is base64-encoded and is generated by running "db/utils.php". INSERT INTO `clients` VALUES (1,1,1,'1970-01-01 00:00:00','your_email@your_email_domain.com','571dm......T983eDqhuOplnHk8=',NULL) Do I just need to put the mail adress or complete all the table? How can I use utils.php ? because when I copy it to its parent directory, the file doesn't work... It needs the file config.php and I don't know what I have to put in : Quote: $aesParams['__ADM_KEY_SECRET__'] = '.....enter yours.....'; Quote: $aesParams['__ENC_KEY_SECRET__'] = '.....enter yours.....'; Then a wsapi/common.php is recquired, I put files of yubikey-val-server-php in a wsapi folder And another problem : lots of functions used by yubiphpbase/appinclude are redifined in the common.php and a last question : what is kms???

Author:	network-marvels [ Wed Apr 22, 2009 11:37 am ]
Post subject:	Re: setup yubiphpbase
We are working on the code restructuring and it will be finished soon. We will update you as soon as we finish it.

Author:	network-marvels [ Mon Apr 27, 2009 1:16 pm ]
Post subject:	Re: setup yubiphpbase
We apologize for the delay ! We have completed the code restructuring task and released a new PHP based YMS and validation server. Please visit the following link for more information: http://www.yubico.com/developers/srv/ Feel free to write back to us in case you face any problems.

Author:	aurelien [ Mon Apr 27, 2009 3:47 pm ]
Post subject:	Re: setup yubiphpbase
ok thanks I have some doubts about the file config.php : Quote: // OTP from your admin key you are to use to log in to KMS // Eg. $otp = 'gklhtdkvrbfnbuicngergckgdfvfrbfjfhgiffghcithv'; $otp = '...enter yours...'; Do I just need to press my yubikey? Quote: // This is the AES secret inside your key // Eg. $aesParams['__ADM_KEY_SECRET__'] = '7Bs1Rl4Itr2+ZmbyO/KCWQ=='; $aesParams['__ADM_KEY_SECRET__'] = '.....enter yours.....'; I don't know what it is Quote: // Make up a random secret to encrypt data in DB in b64 format // Eg. $aesParams['__ENC_KEY_SECRET__'] = 'gklftrkvbvcbfhdafbedtjerrbbcgkuk'; $aesParams['__ENC_KEY_SECRET__'] = '.....enter yours.....'; Do I press the yubikey again? Edit : When I try to run the utils.php I obtain nothing...

Author:	network-marvels [ Tue Apr 28, 2009 4:13 pm ]
Post subject:	Re: setup yubiphpbase
Please follow the below mentioned steps to install and configure the YMS server: 1) Download the following projects from Google code: a) yms b) yubico-php-lib c) yubikey-ksm d) yubikey-val-server-php e) yubiphpbase 2) Install and configure the "yubikey-ksm" project as per the installation instructions provided on the wiki link 3) Go to the "yubiphpbase" project and perform following steps: a) Copy the "config.php.sample" file to "config.php" b) Populate the "config.php" file as follows: We are assuming following parameters for hosting a Yubico Validation Server and assuming the the "yubikey-ksm" project is installed properly and admin YubiKey is inserted into the "yubikey-ksm" database. 1) Pin for two factor authentication : 12345 2) Random Secret: YubicoYubikey (Base64 encoded output: WXViaWNvWXViaWtleQ==) 3) MySQL Database Server hostname: sql.test.com 4) MySQL User name : yubico 5) MySQL User password: test123 6) MySQL Database name: yubikey 7) Root Email Address: admin@test.com 8) Apache http document root: /var/www/html The content of yubiphpbase config.php based on above parameters would be: Code: <?php /****************************************************** * * Customize EVERY parameter for your environment * ****************************************************/ //// AES secrets // $aesParams = array (); /*** Erase this section after installation ****/ // OTP from your admin key you are to use to log in to KMS // Eg. $otp = 'gklhtdkvrbfnbuicngergckgdfvfrbfjfhgiffghcithv'; $otp = 'vrkvfefuitvfiuibirllecjgbbnfhhirchithtvfrrbd'; // Admin PIN as the 2nd factor of auth //Eg. $pin = '12345678'; $pin = '12345'; // This is the AES secret inside your key // Eg. $aesParams['__ADM_KEY_SECRET__'] = '7Bs1Rl4Itr2+ZmbyO/KCWQ=='; $aesParams['__ADM_KEY_SECRET__'] = '.....enter yours.....'; * ******** End of section to erase after installation ***/ // Make up a random secret to encrypt data in DB in b64 format // Eg. $aesParams['__ENC_KEY_SECRET__'] = 'gklftrkvbvcbfhdafbedtjerrbbcgkuk'; $aesParams['__ENC_KEY_SECRET__'] = 'WXViaWNvWXViaWtleQ=='; //// DB, email and web related // $baseParams = array (); $baseParams['__DB_HOST__'] = 'sql.test.com'; $baseParams['__DB_USER__'] = 'yubico'; $baseParams['__DB_PW__'] = 'test123'; $baseParams['__DB_NAME__'] = 'yubikey'; // Eg. $baseParams['__ROOT_EMAIL__'] = 'support@yubico.com'; $baseParams['__ROOT_EMAIL__'] = 'admin@test.com'; $baseParams['__ORDER_URL__'] = 'http://yubico.com/products/order/'; $baseParams['__DOMAIN__'] = 'localhost'; // Eg. $baseParams['__DOC_ROOT__'] = '/apache/htdocs/' $baseParams['__DOC_ROOT__'] = '/var/www/html'; //// Validation server // $valParams = array (); $valParams['__VAL_URL__'] = 'http://localhost/yubikey-val-server-php/verify.php?id='; //// HTML related // $headParams = array (); $headParams['__SHORTCUT_ICON_URL__'] = 'http://localhost/kms/images/favicon.ico'; //// KMS admin activation welcome letter // $letterParams = array (); $letterParams['__KMS_URL__'] = 'http://localhost/yms'; ?> c) run install.php file as follows: Code: # php install.php This will populate the yubikey database. d) Open "appinclude.php" and change "$devMode" to "true" from "false" e) Open "yubi_lib.php" and change the followings: 1) From line 87, change $url to "$url = "http://localhost/yubikey-val-server-php/verify.php?id="" 2) From line 113, change $id to 1 4) Go to the "yubikey-val-server-php" project and perform following steps: a) Copy config.php.sample to config.php b) Populate the "config.php" file as follows: Code:** <?php # -- php -- //// DB // $baseParams = array (); $baseParams['__DB_HOST__'] = 'sql.test.com'; $baseParams['__DB_USER__'] = 'yubico'; $baseParams['__DB_PW__'] = 'test123'; $baseParams['__DB_NAME__'] = 'yubikey'; // otp2ksmurls: Return array of YK-KSM URLs for decrypting OTP for // CLIENT. The URLs must be fully qualified, i.e., contain the OTP // itself. function otp2ksmurls ($otp, $client) { if ($client == 1) { return array("http://localhost/yubikey-ksm/ykksm-decrypt.php?otp=$otp"); } if (preg_match ("/^dteffujehknh/", $otp)) { return array("http://localhost/yubikey-ksm/ykksm-decrypt.php?otp=$otp"); } return array( "http://localhost/yubikey-ksm/ykksm-decrypt.php?otp=$otp", "http://localhost/yubikey-ksm/ykksm-decrypt.php?otp=$otp", ); } ?> 5) Try to login to the YMS server using the following url: http://localhost/yms We hope this helps ! Feel free to write back to us in case you face any problems.

Author:

zeroxten [ Fri Dec 04, 2009 5:25 pm ]

Post subject:

Re: setup yubiphpbase

One day. One day I shall get this working! Even if it kills me.

Specifically, it suggests above that one should install yubikey-ksm as per instructions on code.google.com project.

These instructions refer to:

Code:

The database needs to be initialized as follows:

lyra:~/yubikey-ksm# mysql < ykksm-db.sql 
lyra:~/yubikey-ksm# 

which will in turn create a "ykksm" database:

Code:

fscott@yubikey:~/yubikey-ksm$ head ykksm-db.sql 
-- drop database ykksm;
create database ykksm;
use ykksm;

create table yubikeys (
  id int not null auto_increment,

  -- identities:
  serialNr int not null,
  publicName varchar(16) unique not null,

According to the instructions above, we then start using a database called 'yubikey'.

This means that either

1) We have two databases: ykksm and yubikey

2) Or we have to edit ykksm-db.sql and change the database name

3) Or there is a typo in the instructions and the database name 'yubikey' should actually be 'ykksm'
Please clarify which is correct.

Thanks

Author:	network-marvels [ Mon Dec 07, 2009 11:07 am ]
Post subject:	Re: setup yubiphpbase
For installing the YMS server or the Yubico OTP validation server we need two databases. One is "yubikey" and the other is "ykksm". The "ykksm" database is used for storing the AES Keys for the YubiKeys and is accessed only by the "yubikey-ksm" module. The "yubikey" database is shared between the YMS server and the Yubico OTP validation server. The "yubikey" database stores the counter related information which is used by the Yubico OTP validation server for validating the YubiKey. The normal flow of OTP validation process is as follows: 1) We install the YMS Server, Yubico OTP validation server and the yubikey-ksm module 2) We insert the admin YubiKey information, i.e. AES Key, Public ID and Private ID into the yubikey-ksm module database (ykksm) 3) We then configure the YMS server and populate the database using the instructions given earlier in this post 4) We then access the YMS server interface and provide the OTP from our admin YubiKey 5) The OTP is sent to the Yubico OTP validation server 6) The Yubico OTP validation server forwards that OTP to the yubikey-ksm module 7) The yubikey-ksm module, retrieves the AES Key of the YubiKey (by using the first 12 characters of the OTP aka Public ID of the YubiKey). if the AES Key is found in the database, the yubikey-ksm module decrypts the OTP using the retrieved AES Key from the "ykksm" database or it sends error message to the Yubico OTP validation server. If the OTP is successfully decrypted, the yubikey-ksm module sends back the decrypted OTP which consists of different counter values to the Yubico OTP validation server otherwise sends error message. 8) The Yubico OTP validation server receives the OTP decryption results from the yubikey-ksm module. If it receives the decrypted OTP, it compares the different counter values against the values stored in the "yubikey" database. If the counter values are satisfying the OTP validation criteria, the Yubico OTP validation server sends OK status to the YMS server otherwise it sends the error message. Also, if an error message is received from the yubikey-ksm module, the OTP validation server forwards that error message to the YMS server 9) Depending on the OTP validation result received from the Yubico OTP validation server, the YMS server grants/denies access to it's interface. We hope this helps!

Author:	zeroxten [ Mon Dec 07, 2009 11:35 am ]
Post subject:	Re: setup yubiphpbase
Many thanks for the update! Hopefully I'll get time this afternoon to try it out.

Author:	zeroxten [ Mon Dec 28, 2009 3:56 pm ]
Post subject:	Re: setup yubiphpbase
Got it all working eventually... had to make a couple of minor changes to pam_yubico.c to allow for 16 char public ids and ldap v3. Now just a question of how to integrate it with SSH and Kerberos

Page 1 of 1	All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/